An ordinary user (UID 1001) launches the program, then inspects its credentials in /proc//status and sees:
Uid: 1001 0 0 0
Gid: 100 100 100 100
(The four values shown for Uid are, in order, the real, effective, saved-set and filesystem user IDs.)
Moments later the program successfully opens /etc/shadow, a file that is readable only by root. Which identifier shown in the Uid line was actually used by the kernel to determine that the process could read that file?
When an executable with the set-user-ID (setuid) bit set is started, the kernel sets the process's effective user ID (EUID) to the owner of the file-in this case 0 (root)-while leaving the real UID equal to the user who launched it. Linux performs permission checks for most system resources (and, via the automatically-mirrored filesystem UID, for files) against the effective UID. Because the EUID is 0, the process is treated as root and is therefore allowed to read /etc/shadow. The real UID (1001), saved-set UID (0) and group IDs do not participate in the immediate access check.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the set-user-ID (setuid) bit?
Open an interactive chat with Bash
Why does Linux use the effective user ID for permission checks?
Open an interactive chat with Bash
What is the purpose of the saved set-user-ID?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access